What are the major challenges that CIOs in Australia are facing today?

Loke Yeow Wong: Cybercrime has evolved and the result is that Australian businesses are facing more risk than ever. In addition, in this day of instant-on gratification, CIOs and CSOs (Chief Security Officers) are challenged to securely support a world of continuous connectivity. Business risk and governance are aspects that need to be addressed. Organisations which require Governance, Risk Management and Compliance (GRC), especially where sensitive information is involved, will need to pay more attention to their security systems.

In an environment where traditional defences no longer work, the Instant-On enterprise requires a solution that provides complete visibility and critical insights into its infrastructure across all users, networks, data centres and applications. It must also be able to correlate and analyse disparate data in real-time, tying together seemingly separate actions across systems to detect threats and risks. This is the underpinning principle of our Enterprise Threat and Risk Management (ETRM) platform, which can be effectively achieved through proper planning and deployment of the ArcSight Security Information and Event Management (SIEM) technology.

What do CIOs tend to overlook when it comes to compliance management?

Loke Yeow Wong: One of the biggest oversights amongst organisations is the deployment of security solutions and controls purely for the sake of meeting compliance (i.e. checking a box). Many organisations miss the entire objective and intent of the compliance-security exercise, which can be quite dangerous as it can give a false sense of security. Very few organisations can effectively attest to the adequacy and continuous efficacy of the security controls that they have deployed. CIOs need to look for a solution that helps store and manage all enterprise log data, as well as one that automates compliance monitoring and reporting. They should consider a solution that makes it easy to build regulation-specific dashboards and auditor-friendly reports, to have a clear understanding of how their organisation compares to various compliance requirements and regulatory measures.

What are the upcoming opportunities that CIOs can capitalise on?

Loke Yeow Wong: Recent attacks present the opportunity for CIOs to learn from the experiences of others and reassess the way their organisations approach security. Maturing awareness and appreciation of the general market, especially among corporate leaders and decision-makers, towards the importance of a robust security strategy and implementation should help pave the way towards implementing solutions that proactively identify and manage IT risk.

What best practices would you recommend?

Loke Yeow Wong: In the short term, organisations should work on harnessing the collective intelligence that is captured by their existing IT systems and devices with the aim of creating a consolidated “big picture” view of their IT environment. This will allow analysis for any signs and trends of potentially malicious events and activities, so that timely and effective follow-up action can be taken to address them.

In the longer term, organisations should work toward a comprehensive view of enterprise risk, including both fraud and information security monitoring.

Today’s IT environment is constantly evolving and changing, and the SIEM solution that monitors this environment must be adaptive, nimble, future-proof and designed to continuously monitor the business for risk as technology changes. The platform should be neutral and not permanently locked-in to any specific product brand. Only when these considerations are taken on board can CIOs ensure that their organisation’s information strategy will evolve with the business strategy.

This unique forum will take place at the RACV Royal Pines Resort, Gold Coast, Queensland, Australia, 25 - 27 July 2011. Offering much more than any conference, exhibition or trade show, this exclusive meeting will bring together esteemed industry thought leaders and solution providers to a highly focused and interactive networking event. The Summit includes presentations on enhancing the business, unlocking enterprise-wide innovation and boosting organisational efficiency.

Please note that the summit is a closed business event and the number of participants strictly limited.

About marcus evans Summits

marcus evans Summits are high level business forums for the world’s leading decision-makers to meet, learn and discuss strategies and solutions. Held at exclusive locations around the world, these events provide attendees with a unique opportunity to individually tailor their schedules of keynote presentations, think tanks, seminars and one-to-one business meetings. For more information, please visit www.marcusevans.com

All rights reserved. The above content may be republished or reproduced – kindly inform us by sending an email to press@marcusevanscy.com